Subject: Re: [libssh2] All Your Mem Belongs to Us

From: Daniel Stenberg
Date: Fri, 10 Nov 2006 14:12:44 +0100 (CET)

On Fri, 10 Nov 2006, Satish Mittal wrote:

> I think for sanity, apart from your fix we also need to initialize the
> buf[24] array created on stack to all fields zero (in line 874).

> In my case, the problem was because libssh2_blocking_read was failing and
> returning -1, which was assigned to an unsigned long. James seems to fix
> that, but to me it looks to be more of an implementation problem at SSH
> transport layer protocol itself!

I think first we should make sure we check all calls to
libssh2_blocking_read() for a -1 returned and then bail out if so. The way the
0.14 code just adds the return code to the current number is outright...

With that fixed, I don't see why we would need to zero the array?

libssh2-devel mailing list
Received on 2006-11-10
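
The failure mode discussed in this message, a -1 return code added to an unsigned running count, shown next to the checked form. This is an added example, not part of the original e-mail and not libssh2 code: `src_read`, `fill_unchecked`, `fill_checked` and the sample source are hypothetical stand-ins constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a blocking read (not libssh2 code):
 * returns bytes copied, or -1 once the constructed source is exhausted. */
struct src { const unsigned char *data; size_t len, pos, chunk; };

static int src_read(struct src *s, unsigned char *buf, size_t want)
{
    size_t n = s->len - s->pos;
    if (n == 0) return -1;                 /* simulated transport failure */
    if (n > s->chunk) n = s->chunk;
    if (n > want) n = want;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (int)n;
}

/* Unchecked: the return code is added straight to an unsigned count. */
unsigned long fill_unchecked(struct src *s, unsigned char *buf, unsigned long want)
{
    unsigned long got = 0;
    while (got < want)
        got += src_read(s, buf + got, want - got); /* -1 wraps the count */
    return got;   /* caller sees got >= want although the read failed */
}

/* Checked: bail out on failure before touching the count. */
int fill_checked(struct src *s, unsigned char *buf, size_t want)
{
    size_t got = 0;
    while (got < want) {
        int rc = src_read(s, buf + got, want - got);
        if (rc <= 0) return -1;            /* 0 = no progress, also an error here */
        got += (size_t)rc;
    }
    return 0;
}

int main(void)
{
    unsigned char buf[24];                 /* deliberately not zeroed */
    struct src dead = { (const unsigned char *)"", 0, 0, 8 };
    printf("unchecked count: %lu\n", fill_unchecked(&dead, buf, sizeof buf));
    printf("checked result:  %d\n", fill_checked(&dead, buf, sizeof buf));
    return 0;
}
```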